#!/usr/bin/env bash
# /usr/local/bin/zroc-setup
# Interactive first-boot configuration wizard for the zROC appliance.
# Strict mode: stop on any unhandled failure, on use of an unset variable,
# and when any stage of a pipeline fails.
set -o errexit
set -o nounset
set -o pipefail

# Appliance layout. The wizard writes its generated configuration (including
# secrets) to ENV_FILE.
INSTALL_DIR=/opt/zroc
ENV_FILE="${INSTALL_DIR}/.env"
CERTS_DIR="${INSTALL_DIR}/certs"

# ANSI colour sequences. They are stored with a literal backslash, so they
# only take effect when printed through `echo -e` or `printf '%b'`.
CYAN='\033[0;36m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
BOLD='\033[1m'
RESET='\033[0m'
# Print a section heading: a blank line, then the text in bold cyan.
# Arguments: the heading text (all arguments are joined with spaces).
# Outputs:   the formatted heading on stdout.
header() {
  printf '%b\n' "\n${CYAN}${BOLD}$*${RESET}"
}
# Print a success message in green.
# Arguments: the message text (all arguments are joined with spaces).
# Outputs:   the coloured message on stdout.
ok() {
  printf '%b\n' "${GREEN}$*${RESET}"
}
# Print a warning message in yellow.
# Arguments: the message text (all arguments are joined with spaces).
# Outputs:   the coloured message on stdout.
warn() {
  printf '%b\n' "${YELLOW}$*${RESET}"
}
# Print an error message in red.
# Arguments: the message text (all arguments are joined with spaces).
# Outputs:   the coloured message on stdout (not stderr); it does not exit.
err() {
  printf '%b\n' "${RED}$*${RESET}"
}
# Print a wizard step title followed by a horizontal rule.
# Arguments: the step label, e.g. "1/6 Network Configuration".
# Outputs:   a blank line, "Step <label>" in bold, then a 55-character rule.
step() {
  local rule
  # A zero-width %s consumes each of the 55 arguments while printing only
  # the rule character, which repeats it 55 times.
  printf -v rule '─%.0s' {1..55}
  printf '%b\n' "\n${BOLD}Step $*${RESET}"
  printf '%s\n' "$rule"
}
# Wipe the terminal, then draw the product banner in cyan.
clear
# Switch the terminal to cyan; the colour stays active until RESET below.
printf '%b\n' "${CYAN}"
# Quoted delimiter: the banner is emitted verbatim, with no expansion.
cat <<'BANNER'
███████╗██████╗ ██████╗ ██████╗
╚══███╔╝██╔══██╗██╔═══██╗██╔════╝
███╔╝ ██████╔╝██║ ██║██║
███╔╝ ██╔══██╗██║ ██║██║
███████╗██║ ██║╚██████╔╝╚██████╗
╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝
Setup Wizard — Zerto Resiliency Observation Console
BANNER
printf '%b\n' "${RESET}"
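# Step 1: Network
# Detects the address the appliance currently holds and derives the public
# URL from it. No network settings are changed here.
step "1/6 Network Configuration"
# `hostname -I` lists the host's configured addresses; the first is used.
CURRENT_IP=$(hostname -I | awk '{print $1}')
if [[ -z "$CURRENT_IP" ]]; then
  # With no address, PUBLIC_URL would become the bare string "https://" and
  # be written into .env, so stop instead of persisting a broken URL.
  err "No IP address detected; bring the network up and re-run zroc-setup."
  exit 1
fi
# -e is required: the colour variables hold literal "\033" text, which plain
# echo would print verbatim instead of as terminal escapes.
echo -e "Current IP: ${BOLD}$CURRENT_IP${RESET} (DHCP)"
read -rp "Keep DHCP? [Y/n]: " NET_CHOICE
NET_CHOICE="${NET_CHOICE:-Y}"
if [[ "$NET_CHOICE" == [Nn]* ]]; then
  # The answer is not acted on anywhere in this wizard; tell the operator
  # rather than silently ignoring the choice.
  warn "Static addressing is not configured by this wizard; continuing with $CURRENT_IP."
fi
# NOTE(review): PUBLIC_URL pins the address held right now. It is written to
# .env as PUBLIC_URL and ZROC_PUBLIC_URL, so a changed DHCP lease would leave
# those values stale — confirm a reservation or DNS name is expected.
PUBLIC_URL="https://$CURRENT_IP"
ok "Using $CURRENT_IP"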
# Step 2: TLS
# There is no prompt in this step: the wizard always selects the self-signed
# ("internal") mode. Clients cannot verify such a certificate against a
# public CA, so operators should plan to trust or replace it.
step "2/6 HTTPS / TLS Certificate"
# NOTE(review): TLS_MODE is not referenced again in the visible script —
# confirm where it is consumed.
TLS_MODE="internal"
printf '%s\n' "Using self-signed certificate (default)"
ok "Self-signed certificate will be generated by Caddy"
# Step 3: Admin password
# Prompts without terminal echo until two matching entries of at least
# 12 characters are given. Length is the only strength rule enforced here.
# The accepted value is later written to .env as GRAFANA_PASSWORD.
# NOTE(review): read is called with the default IFS, so leading and trailing
# whitespace in the typed password is trimmed — confirm that is intended.
step "3/6 zROC Admin Account"
while :; do
  read -r -s -p "Admin password (min 12 chars): " ADMIN_PASS
  echo   # -s suppresses the newline the operator typed
  read -r -s -p "Confirm password: " ADMIN_PASS2
  echo
  if [[ "$ADMIN_PASS" != "$ADMIN_PASS2" ]]; then
    err "Passwords do not match."
    continue
  fi
  if (( ${#ADMIN_PASS} < 12 )); then
    err "Password must be at least 12 characters."
    continue
  fi
  ok "Admin password set"
  break
done
# Step 4: ZVM Site 1
# Collects the connection details for the first Zerto ZVM. None of the
# answers are validated here; they are written to .env verbatim later, and
# the ZVM password is stored there in clear text.
step "4/6 Zerto ZVM Configuration — Site 1"
read -r -p "ZVM Hostname or IP: " ZVM_HOST
read -r -p "ZVM Username [admin]: " ZVM_USER
: "${ZVM_USER:=admin}"   # an empty answer falls back to "admin"
read -r -s -p "ZVM Password: " ZVM_PASS
printf '\n'              # -s suppresses the newline the operator typed
read -r -p "vCenter Hostname (optional): " VCENTER_HOST
# Step 5: Second site
# Asks whether a second ZVM site should be monitored; an empty answer
# defaults to "N".
# NOTE(review): SITE2 is not read again in the visible script, so answering
# "y" appears to have no effect — confirm whether follow-up prompts are missing.
step "5/6 Second ZVM Site (optional)"
read -r -p "Monitor a second site? [y/N]: " SITE2
: "${SITE2:=N}"
# Step 6: Enterprise IdP
# Informational only: no input is requested and the local Authentik accounts
# are announced as the default.
step "6/6 Enterprise Identity Provider (optional)"
printf '%s\n' "Using local Authentik accounts (default)"
# Generate secrets
# Each secret is hex text from `openssl rand`; N random bytes give 2N hex
# characters. They exist only in shell variables until .env is written.
OIDC_CLIENT_ID="zroc-dashboard"                  # fixed client id, not a secret
OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"     # 32 bytes
SESSION_SECRET="$(openssl rand -hex 32)"         # 32 bytes
AUTHENTIK_SECRET_KEY="$(openssl rand -hex 48)"   # 48 bytes
AUTHENTIK_PG_PASS="$(openssl rand -hex 24)"      # 24 bytes
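# Write .env
# The file holds the ZVM password, the admin password and every generated
# secret in clear text, so it must never be readable by other users, not
# even briefly. The original created it under the ambient umask and only
# tightened it afterwards; here it is owner-only before any secret lands.
#
# NOTE(review): values are written verbatim and unquoted. A password that
# contains characters such as '#', '$', quotes or spaces may be parsed
# differently by whatever reads this file — confirm against the consumer's
# .env parsing rules.
# NOTE(review): GRAFANA_PASSWORD reuses the admin password typed in step 3,
# so the two credentials share one secret.
(
  # Subshell: the restrictive umask does not leak into the rest of the script.
  umask 077
  # Create or truncate first, then fix the mode. This also covers a file
  # left behind by an earlier run with looser permissions.
  : > "$ENV_FILE"
  chmod 600 "$ENV_FILE"
  cat > "$ENV_FILE" << EOF
PUBLIC_URL=$PUBLIC_URL
ZVM_HOST=$ZVM_HOST
ZVM_USERNAME=$ZVM_USER
ZVM_PASSWORD=$ZVM_PASS
VCENTER_HOST=${VCENTER_HOST:-}
SESSION_SECRET=$SESSION_SECRET
AUTHENTIK_PG_PASS=$AUTHENTIK_PG_PASS
AUTHENTIK_SECRET_KEY=$AUTHENTIK_SECRET_KEY
AUTHENTIK_CLIENT_ID=$OIDC_CLIENT_ID
AUTHENTIK_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_OIDC_CLIENT_ID=$OIDC_CLIENT_ID
ZROC_OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_PUBLIC_URL=$PUBLIC_URL
AUTHENTIK_ADMIN_TOKEN=PENDING_FIRST_START
GRAFANA_PASSWORD=$ADMIN_PASS
PROMETHEUS_URL=http://prometheus:9090
EOF
)
# Kept as a final guarantee of the owner-only mode.
chmod 600 "$ENV_FILE"
ok ".env written to $ENV_FILE"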
# Start services
# Brings the compose stack up from the install directory, then turns off the
# first-boot unit.
printf '%s\n' "Starting zROC services..."
cd "$INSTALL_DIR"
# Only the last 20 lines of compose output are shown. With pipefail active,
# a failing `docker compose` still fails the pipeline and aborts the script.
docker compose up -d 2>&1 | tail -20
# Best effort: errors from systemctl are deliberately discarded.
systemctl disable zroc-firstboot.service 2>/dev/null || true
# The "ready" message is printed as soon as compose returns; no health check
# of the services is performed here.
printf '%b\n' "${GREEN}${BOLD}"
printf '%s\n' " ✅ zROC is ready!" " Dashboard: $PUBLIC_URL"
printf '%b\n' "${RESET}"